[Freeipa-users] PKI-CA fails to start (broken config after update?)

[swartz]

Hello,

Encountered same issue as described here:
https://www.redhat.com/archives/freeipa-users/2013-July/msg00133.html
https://www.redhat.com/archives/freeipa-users/2014-August/msg00224.html

Plain vanilla IPA setup. No changes, no customizations.
Recently IPA fails to start. Error happened right after a 'yum update' 
and reboot.

---------------------------------------
Starting pki-ca:                                           [  OK  ]
Usage: grep [OPTION]... PATTERN [FILE]...
Try `grep --help' for more information.
Usage: grep [OPTION]... PATTERN [FILE]...
Try `grep --help' for more information.
Usage: grep [OPTION]... PATTERN [FILE]...
Try `grep --help' for more information.
...
Failed to start CA Service
Shutting down
----------------------------------------

Digging into the matter further...
The line that causes the error above is in 
/usr/share/pki/scripts/functions (which is loaded by pki-ca init script):
netstat -antl | grep ${port} > /dev/null

The $port variable is blank so call to grep is without a search 
parameter. Hence invalid call to grep and subsequent error msg I'm 
seeing as above.

$port is defined just a few lines above as
port=`grep '^pkicreate.unsecure_port=' 
${pki_instance_configuration_file} | cut -b25- -`

BUT! For whatever reason there is no line that starts with 
"pkicreate.unsecure_port" in $pki_instance_configuration_file 
(/var/lib/pki-ca/conf/CS.cfg). Thus no port info is ever obtained for 
use in grep.

Why there is no such line in config file where one is expected is 
unknown to me...

Versions currently installed
ipa-server-3.0.0-37.el6.x86_64
pki-ca-9.0.3-32.el6.noarch

Did updates to pki packages clobber the configs? What got broken? How do 
I resolve it?

Thank you.